Overview

overview

7

Static

static

3

0ebb1f77b0...f3.exe

windows7-x64

7

0ebb1f77b0...f3.exe

windows10-2004-x64

7

Analysis

  • max time kernel
    2s
  • max time network
    138s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231215-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20231215-enlocale:en-usos:windows10-2004-x64system
  • submitted
    25-12-2023 07:27

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    0ebb1f77b0e90440495937b617d5daf3.exe

  • Size

    899KB

  • MD5

    0ebb1f77b0e90440495937b617d5daf3

  • SHA1

    e0c8fbbb5384b0d8eece93b65cba88ccc7fb84a9

  • SHA256

    13724c11dd3b0c7c1c86b09467db1b0b45c96a06e8dbf89d93274bb274d9c736

  • SHA512

    b9846b71a0a41b4538ce3a503a5e797efca7bbc23d7b5ac36a397f4e1e671ea39791303ee777b564f14a9e3ea549a843fa4d35c128f217e2265c00723079abe6

  • SSDEEP

    24576:VxGaeDp3kdGp9kyPVzECqCYRK+ILTfBLXSYo:Oak9P7+CK

Score
7/10

Malware Config

Signatures

  • Executes dropped EXE 1 IoCs
  • Loads dropped DLL 8 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\0ebb1f77b0e90440495937b617d5daf3.exe
    "C:\Users\Admin\AppData\Local\Temp\0ebb1f77b0e90440495937b617d5daf3.exe"
    1⤵
    • Suspicious use of WriteProcessMemory
    PID:3744
    • C:\Users\Admin\AppData\Local\Temp\is-GUFEF.tmp\0ebb1f77b0e90440495937b617d5daf3.tmp
      "C:\Users\Admin\AppData\Local\Temp\is-GUFEF.tmp\0ebb1f77b0e90440495937b617d5daf3.tmp" /SL5="$5006C,500148,146432,C:\Users\Admin\AppData\Local\Temp\0ebb1f77b0e90440495937b617d5daf3.exe"
      2⤵
      • Executes dropped EXE
      • Loads dropped DLL
      PID:4060

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/3744-0-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/3744-77-0x0000000000400000-0x000000000042E000-memory.dmp

    Filesize

    184KB

    Download

  • memory/4060-41-0x00000000737E0000-0x0000000073D91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4060-82-0x0000000000700000-0x0000000000701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4060-42-0x00000000737E0000-0x0000000073D91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4060-27-0x0000000003500000-0x0000000003515000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4060-20-0x0000000003390000-0x0000000003400000-memory.dmp

    Filesize

    448KB

    Download

  • memory/4060-68-0x0000000005880000-0x0000000005890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4060-74-0x0000000005880000-0x0000000005890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4060-76-0x0000000005670000-0x0000000005770000-memory.dmp

    Filesize

    1024KB

    Download

  • memory/4060-6-0x0000000000700000-0x0000000000701000-memory.dmp

    Filesize

    4KB

    Download

  • memory/4060-38-0x0000000005880000-0x0000000005890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4060-81-0x0000000003500000-0x0000000003515000-memory.dmp

    Filesize

    84KB

    Download

  • memory/4060-80-0x0000000003390000-0x0000000003400000-memory.dmp

    Filesize

    448KB

    Download

  • memory/4060-79-0x0000000000400000-0x0000000000531000-memory.dmp

    Filesize

    1.2MB

    Download

  • memory/4060-84-0x00000000737E0000-0x0000000073D91000-memory.dmp

    Filesize

    5.7MB

    Download

  • memory/4060-83-0x0000000005880000-0x0000000005890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4060-89-0x0000000005880000-0x0000000005890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4060-90-0x0000000005880000-0x0000000005890000-memory.dmp

    Filesize

    64KB

    Download

  • memory/4060-95-0x0000000005670000-0x0000000005770000-memory.dmp

    Filesize

    1024KB

    Download